#!/bin/bash -x

set -eE -o pipefail
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR

if [[ $EUID != 0 ]]; then
  echo "$0: error: expected to be root."
  exit 1
fi

if ! type -t fcopy &>/dev/null; then
  sudo apt-get -y install fai-client
fi

chroot $FAI_ROOT bash <<'EOFOUTER'
set -eE -o pipefail
if getent group systemd-journal >/dev/null; then
  # makes the journal be saved to disk.
  mkdir -p /var/log/journal
  chmod 755 /var/log/journal
fi
debconf-set-selections <<EOF
kexec-tools kexec-tools/load_kexec boolean false
EOF
apt-get install -y pxe-kexec
EOFOUTER

# -r = recursive
# -i = ignore non-matching class warnings, always exit 0
# -B = no backup files
fcopy -riBM /boot
# this is also done by FABASE/10-misc by default.
fcopy -riBM /root


src=$FAI/distro-install-common/shadow
dst=/q/root/shadow
if [[ ! -e $dst && -e $src ]]; then
  # outside of fai context, we skip this
  mkdir -p $dst
  mount -o bind $src $dst
fi

$FAI/distro-install-common/end
if ifclass VOL_STRETCH_BOOTSTRAP; then
  fcopy -riM /etc/systemd/system
  chroot $FAI_ROOT bash <<'EOFOUTER'
systemctl enable fai_check.service
EOFOUTER
  exit 0 # avoid unnecessary stuff in bootstrap vol
fi


# these get copied in an earlier stage by fai, but leaving it here since
# I run this as a single post-fai script to update things that have changed.
fcopy -riBM /etc/apt
# outside of fai, this seems to regularly lead to
# E: Could not get lock /var/lib/apt/lists/lock - open (11: Resource temporarily unavailable)
# so add a sleep. 1 sec is probably way more than needed.
sleep 1
f=$FAI_ROOT/var/cache/apt/pkgcache.bin
if [[ ! -r $f ]] || (( $(( $(date +%s) - $(stat -c %Y $f ) )) > 60*60*2 )); then
  i=0
  while fuser $FAI_ROOT/var/lib/dpkg/lock &>/dev/null; do
    sleep 1
    i=$(( i+1 ))
    if (( i > 300 )); then
      echo "error: timed out waiting for /var/lib/dpkg/lock" >&2
      exit 1
    fi
    $ROOTCMD apt-get update
  done
fi


chroot $FAI_ROOT bash <<'EOF'
#### begin .ssh setup ###
set -eE -o pipefail
mkdir -p /home/iank/.ssh
f=/root/.ssh/authorized_keys
if [[ -e $f ]]; then
   cp $f /home/iank/.ssh
fi
chown -R 1000:1000 /home/iank/.ssh
chmod -R u=Xrw,og= /home/iank/.ssh
rm -rf /root/.ssh
# remove broken symlinks or the following cp will fail
find /home/iank/.ssh -xtype l -exec rm '{}' \;
cp -rL /home/iank/.ssh /root
chown -R root:root /root/.ssh
chmod 700 /root/.ssh
#### end .ssh setup ###

# this is needed to enable resolvconf, making /etc/resolv.conf be a symlink.
# why? i dun know, it\'s really  dumb.
dpkg-reconfigure -fnoninteractive resolvconf

# default jessie groups + kvm, systemd-journal, adm
for g in adm cdrom floppy sudo audio dip video plugdev netdev; do
  if getent gropu $g >/dev/null; then
    usermod -aG $g iank
  fi
done

if getent group systemd-journal >/dev/null; then
  usermod -aG systemd-journal iank
fi


# this is usefull. Only thing reason I see this being disabled by default is
# that a normal user can disrupt the system, eg cause a reboot.
sed -i '$a kernel.sysrq=1
/^kernel.sysrq=/d' /etc/sysctl.conf
EOF


if [[ $FAI_ACTION != dirinstall ]]; then


  # luks options, see man systemd-cryptsetup-generator
  # all i know is that with luks.crypttab=no, swap still timed out on boot.
  # and with rd.luks.crypttab=no, it works.
  cmdline="rd.luks.crypttab=no console=ttyS0"
  if ifclass LINODE; then
    speed=19200
    cmdline+=",${speed}n8"
    cmdline="rd.luks.crypttab=no console=ttyS0,${speed}n8"
  else
    speed=115200
    cmdline+=",${speed}n8 console=tty0"
  fi

  cat >$FAI_ROOT/etc/grub.d/40_custom <<EOF
#!/bin/sh
exec tail -n +3 \$0
# This file provides an easy way to add custom menu entries.  Simply type the
# menu entries you want to add after this comment.  Be careful not to change
# the 'exec tail' line above.

# https://www.coreboot.org/Serial_console # tty
# but removed unneeded stuff

serial --speed=$speed
terminal_input --append  serial
terminal_output --append serial
EOF


  chroot $FAI_ROOT bash <<EOF
set -eE -o pipefail
# https://askubuntu.com/questions/33416/how-do-i-disable-the-boot-splash-screen-and-only-show-kernel-and-boot-text-inst
# we remove quiet and splash, and all thats left is what we want

if grep -qF "$cmdline" /etc/default/grub; then
  # already set things, exit
  exit 0
fi
sed -ri 's/^ *GRUB_CMDLINE_LINUX_DEFAULT=.*/GRUB_CMDLINE_LINUX_DEFAULT="$cmdline"/' /etc/default/grub
# on xenial, no grub is displayed at all. fix that.
# found just by noticing this in the config file, and a
# warning about it in error.log
sed -i '/^ *GRUB_HIDDEN_TIMEOUT/d' /etc/default/grub

update-grub2
EOF

  if [[ ! $FAI_WRAPPER ]]; then
    chroot $FAI_ROOT bash <<EOF
# Just include all of them for now incase we are creating
# an install for a different machine.. in distro-begin, we
# slim it down to whats used.
find /lib/modules/*/kernel/drivers/net /lib/modules/*/kernel/net -type f -name '*.ko' -printf "%f\n" | sed 's/.ko$//' | sort -u >/etc/initramfs-tools/modules
update-initramfs -u -k all
EOF
  fi
fi


# reading through the groups that iank is in but user2 isn't,
for g in plugdev audio video cdrom; do
  $ROOTCMD usermod -a -G $g user2
done